EPIC maintains web sites and publishes the online EPIC Alert every two weeks on privacy and civil liberties issues. EPIC also publishes Privacy and Human Rights, Litigation Under the Federal Open Government Laws, The Public Voice WSIS Sourcebook, The Privacy Law Sourcebook, and The Consumer Law Sourcebook. EPIC litigates privacy, First Amendment, and Freedom of Information Act cases. EPIC advocates for strong privacy safeguards.

In addition to maintaining privacy.org, EPIC also coordinates the Public Voice coalition, and the Privacy Coalition.

EPIC is registered as a non-profit public charity, and receives most of its funding from contributors, as well as through grants and publication sales. EPIC has an advisory board, a board of directors and a small paid staff.

The Public Voice holds annual conferences, usually in conjunction with the annual International Conference of Data Protection and Privacy Commissioners. In 2009, The Public Voice via EPIC was one of more than 100 organizational signatories to the Madrid Privacy Declaration.[4]

EPIC maintains and publishes its newsletter, the EPIC Alert, every two weeks.

EPIC also publishes several books on privacy and open government, including Privacy and Human Rights, Litigation Under the Federal Open Government Laws, Filters and Freedom, The Public Voice WSIS Sourcebook, The Privacy Law Sourcebook, and The Consumer Law Sourcebook. Other publications include reports on Internet privacy, an analysis of industry self-regulation and how Internet filtering software can block innocuous sites.

EPIC maintains web sites for privacy.org, the Privacy Coalition, the Public Voice coalition, and the National Committee for Voting Integrity, established to promote voter-verified balloting and to preserve privacy protections for elections in the United States.

January 2005: EPIC learned through Freedom of Information Act litigation that the FBI had obtained 257.5 million Passenger Name Records following 9/11, and that the Bureau has permanently incorporated the travel details of tens of millions of innocent people into its law enforcement databases.

March 2005: EPIC urged lawmakers to regulate Choicepoint and other data brokers in testimony before the House Commerce Subcommittee on Consumer Protection. EPIC testified that there is too much secrecy and too little accountability in the business dealings of data brokers, and that Choicepoint's selling of customer information to identity thieves underscored the need for federal regulation of the information broker industry.

April 2005: EPIC filed a complaint[5] asking a federal court to force the FBI to disclose information about its use of expanded investigative authority granted by sun setting provisions of the USA PATRIOT Act. The agency had agreed[6] to quickly process EPIC's Freedom of Information Act request[7] for the data, but had not complied with the timeline for even a standard FOIA request.

May 2005: EPIC testified before the House Judiciary Committee on one of several proposals before Congress to impose new employment verification requirements on those wishing to work within the U.S. The legislation would require all workers to obtain a digital Social Security card and would also empower the Department of Homeland Security to determine employment eligibility of those seeking employment. EPIC opposed the creation of this new employment verification system.

July 2005: EPIC testified before the Senate Foreign Relations Committee in opposition to the ratification of the Council of Europe Convention on Cybercrime. EPIC urged the Senate to oppose ratification because of the convention's sweeping expansion of law enforcement authority, the lack of legal safeguards, and the impact on U.S. Constitutional rights.

July 2005: EPIC testified before the House Commerce Subcommittee on Consumer Protection. EPIC urged Congress to pass strong data security legislation that includes privacy protections for use of personal information.

August 2005: EPIC and a coalition of open government organizations filed an amicus curiae brief[8] in Gonzales v. Doe, a lawsuit concerning the FBI's authority to issue national security letters without judicial approval and under a permanent gag order that bans the recipient from telling anyone about the demand.

August 2005: EPIC petitioned[9] the Federal Communications Commission to initiate a rulemaking to enhance security safeguards for individuals' calling records. The petition follows a complaint[10] concerning the illegal sale of personal information obtained from telephone carriers, and an updated filing[11] where EPIC identified 40 websites that openly offer to obtain calling records without the knowledge and consent of the account holder.

October 2005: EPIC led a campaign of more than 100 organizations that urged Secretary of DefenseDonald Rumsfeld to end the "Joint Advertising and Market Research Studies" Recruiting Database.

October 2005: EPIC filed an amicus brief in a federal case that raised the question of whether the police may coerce a person to provide a DNA sample. EPIC's brief, which provided detailed information on the many problems with DNA dragnets, argued that very clear guidelines must be established before the police may engage in this practice.

November 2005: EPIC testified before the House Homeland Security Committee and warned that the new plan for passenger screening was still flawed. EPIC recommended that the program not go forward until its problems were fixed.

January 2006: EPIC filed suit[12] in federal court against the Justice Department for reports of possible misconduct submitted by the FBI to the Intelligence Oversight Board.

January 2006: EPIC filed a Freedom of Information Act lawsuit[13] against the Justice Department, asking a federal court to order the disclosure of information about the Administration's warrantless domestic surveillance program within 20 days.

January 2006: The Federal Trade Commission announced a settlement with Choicepoint, under which the company had to pay $10 million to the Commission and $5 million to redress consumer harms. It was the largest civil penalty in FTC history. EPIC had filed a complaint with the Federal Trade Commission in December 2004 urging the agency to investigate the compilation and sale of personal dossiers by data brokers.

February 2006: EPIC Executive Director Marc Rotenberg testified[14] before the House Committee on Energy and Commerce on the sale of personal phone records. EPIC called for laws that would ban pretexting (a technique used by data brokers to obtain personal information), as well as enhanced security procedures, and restrictions on the collection of customer data.

February 2006: In a Freedom of Information Act complaint[15] filed in federal court, EPIC sought the release of National Security Agency documents detailing the Administration's warrantless domestic surveillance program.

April 2006: EPIC filed a friend of the court brief[17] in Peterson v. NTIA supporting the rights of .US domain name holders not to publish their personal information on the Internet. In 2005, the Department of Commerce, which administers the .US domain, banned users from using proxy services that would protect privacy.

May 2006: Rotenberg testified[18] at a hearing before the House Subcommittee on Telecommunications and the Internet on the Truth in Caller ID Act of 2006, a bill that would outlaw "spoofing" telephone calls.

November 2006: EPIC joined with other organizations in urging the Supreme Court to review Gilmore v. Gonzales. The case concerns a secret rule that allows airport personnel to require travelers in the United States to produce identification. EPIC's brief said that the secret agency rule "offends the Constitution and implicates the rights of millions of American travelers who are presently subject to arbitrary and unaccountable governmental authority."

February 2007: In testimony[19] before the House Committee on Energy and Commerce, EPIC staff counsel Allison Knight testified in support of the Truth in Caller ID Act of 2007.

April 2007: In response to an EPIC petition, the FCC issued rules to protect the privacy of consumers' telephone records.

April 2007: EPIC, along with the Center for Digital Democracy and U.S. PIRG, filed a complaint[21] with the Federal Trade Commission, urging the Commission to open an investigation into the proposed acquisition of DoubleClick by Google. The groups urged the FTC to assess the ability of Google to record, analyze, track, and profile the activities of Internet users with data that is both personally identifiable and data that is not personally identifiable. The groups further urged the FTC to require Google to publicly present a plan to comply with well-established government and industry privacy standards such as the OECD Privacy Guidelines. Pending the resolution of these and other issues, EPIC encouraged the FTC to halt the acquisition.

March 2009: EPIC filed a complaint with the FTC asking it to examine the privacy protections in Google's cloud computing applications including Picasa, Google Docs and Gmail after an error exposed users' documents publicly without permission.[22]

February 2012: EPIC filed a complaint with the FTC about Google's new consolidated Privacy Policy saying it allowed advertising companies easier access to the data the user viewed in Google services.